This site uses cookies in accordance with our Privacy Policy.
Wordfence Research and News
Easily Exploitable Vulnerabilities Patched in WP Database Reset Plugin
On January 7th, our Threat Intelligence team discovered vulnerabilities in WP Database Reset, a WordPress plugin installed on over 80,000 websites.
Multiple Vulnerabilities Patched in Minimal Coming Soon & Maintenance Mode – Coming Soon Page Plugin
A few weeks ago, our threat intelligence team discovered several vulnerabilities present in Minimal Coming Soon & Maintenance Mode – Coming Soon Page, a WordPress plugin installed on over 80,000 websites.
Critical Vulnerability Patched in 301 Redirects – Easy Redirect Manager
Description: Authenticated Arbitrary Redirect Injection and Modification Affected Plugin: 301 Redirects – Easy Redirect Manager CVSS Score: 9.0 (Critical) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE ID: CVE-2019-19915 Affected Versions: <= 2.40 Patched Version: 2.45 On Friday December 13th, our Threat Intelligence team discovered vulnerabilities present in 301 Redirects – Easy Redirect Manager, a WordPress plugin installed on ...
High Severity Vulnerability Patched in WP Maintenance Plugin
Description: Cross-Site Request Forgery to Stored Cross-Site Scripting CVE ID: CVE-2019-19979 CVSS v3.0 Score: 8.8 (High) CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H Affected Plugin: WP Maintenance Plugin Slug: wp-maintenance Affected Versions: <= 5.0.5 Patched Version: 5.0.6 On November 15th, 2019, our Threat Intelligence team identified a vulnerability present in WP Maintenance, a WordPress plugin with approximately 30,000+ active installs.
Multiple Vulnerabilities Patched in Email Subscribers & Newsletters Plugin
A few weeks ago, our Threat Intelligence team identified several vulnerabilities present in Email Subscribers & Newsletters, a WordPress plugin with approximately 100,000+ active installs.
Medium Severity Vulnerability Patched in Fast Velocity Minify Plugin
Description: Full Path Disclosure CVE ID: CVE-2019-19983 CVSS v3.0 Score: 4.3 (Medium) CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Plugin: Fast Velocity Minify Plugin Slug: fast-velocity-minify Affected Versions: <= 2.7.6 Patched Version: 2.7.7 A few days ago, our Threat Intelligence team identified a vulnerability present in Fast Velocity Minify, a WordPress plugin with approximately 80,000+ active installs.
Authentication Bypass Vulnerability in GiveWP Plugin
Description: Authentication Bypass with Information Disclosure CVSS v3.0 Score: 7.5 (High) CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Plugin: GiveWP Plugin Slug: give Affected Versions: <= 2.5.4 Patched Version: 2.5.5 A few weeks ago, our Threat Intelligence team discovered a vulnerability present in GiveWP, a WordPress plugin installed on over 70,000 websites.
Breaking WordPress Security Research in your inbox as it happens.
